Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6971
Views
0
Helpful
5
Replies

Configuring Radius on a 2950G switch with IOS 12.1

Shawn Roman
Level 1
Level 1

‎07-21-2011 06:31 AM - last edited on ‎03-25-2019 04:15 PM by Community Manager

Does anyone have a working a config or any ideas as to to getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1.

I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands.

Doing a debug radius says that the radius server is not defined.

Here is a snippet of my log:

hb radius logs.PNG

Also attached is a copy of my current running config.

Any help would be greatly appreciated.

Thanks,

Shawn

Labels:
103608-hb config.txt.zip
0 Helpful
5 Replies 5

nikalleyne
Level 1
Level 1

‎07-21-2011 08:22 AM

If you notice below, there is no "

aaa authorization exec default group radius_ew local". This is because, even though the device get's authenticated it fails the authorization. So if you wish to go straight into enable mode add the following to your vty line

!

line vty 0 15

privilege level 15

!

Below config is mine

login authentication Maxxam-RADIUS

Cisco Internetwork Operating System Software

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1)

aaa new-model

aaa authentication login RADIUS-GROUP group radius local

aaa accounting exec RADIUS-GROUP start-stop group radius

ip radius source-interface VlanX

radius-server host 192.168.x.20 auth-port 1645 acct-port 1646 key MyKey

radius-server host 192.168.x.11 auth-port 1645 acct-port 1646 key MyKey

radius-server retransmit 3

radius-server deadtime 1

!

This should work for you

aaa authorization exec default group radius_ew local - DELETE THIS LINE

if you wish to use radius at the console login

!

line con 0

login authentication radius_ew - ADD THIS LINE

privilege level 15 - ADD THIS LINE

!

Radius on TTY lines

!

line vty 0 15

login authentication radius_ew - ADD THIS LINE

privilege level 15 - ADD THIS LINE

!

P.S. You should upgrade to 12.1(22)EA14

Let me know if this helps

0 Helpful

Shawn Roman
Level 1
Level 1
In response to nikalleyne

‎07-22-2011 06:57 AM

Thanks Ill give this a try and update you in about an hour...

0 Helpful

Shawn Roman
Level 1
Level 1
In response to Shawn Roman

‎07-22-2011 08:42 AM

Getting the below error when trying to apply the command -

Any suggestions

0 Helpful

Shawn Roman
Level 1
Level 1

‎03-13-2012 12:23 PM

Can anyone help me further with this. I need to be able to configure radius on some old 2950 switches running IOS 12.1 but the commands are different from the newer IOS....

0 Helpful

lukasdrbo
Level 1
Level 1
In response to Shawn Roman

‎07-25-2012 04:17 AM

this is my cfg:

aaa new-model

aaa authentication login default local group radius

radius-server host x.x.x.x. auth-port 1645 acct-port 1646

radius-server key 0 yourpassword

line vty 0 15

privilege level 15

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card